Presentation Material
Abstract
The presentation begins with an introduction to phishing, its impact across various industries, and the scale of the threat it poses. We then take a deep dive into phishing attack types, explaining the entire attack lifecycle, including the security controls industries use to prevent phishing and how these defenses work. Next, we discuss the custom phishing infrastructure we built using open-source tools like GoPhish and Evilginx. We demonstrate how to execute a full-fledged phishing attack, including setting up phishlets and lures that support MFA bypass, and how attackers leverage stolen tokens and credentials. We also cover the step-by-step setup of each attack phase, detailing the exact requests that need to be captured for a successful phishing campaign. A visual breakdown of the attack infrastructure follows, explaining each component and its role in the phishing operation. We then discuss various techniques attackers use to bypass modern security filters, ensuring phishing emails land directly in the victim’s inbox. After explaining the attack workflow and bypass techniques, we perform a live attack demonstration, showcasing how phishing leads to credential and token theft, ultimately allowing unauthorized access. After the offensive demonstration, we transition to the defensive perspective, introducing our newly developed phishing detection mechanism powered by fine-tuned LLMs that provide sentiment and behavioral analysis for more effective phishing detection. Finally, we showcase how this AI-driven detection system works, its components, and how it effectively identifies and prevents phishing attacks in real time.
CONFidence 2025, 2 June 2025, Kraków.